We talk about different standards/Best practices with different objectives in mind. For IT governance its CoBIT, for Security its 7799 and for Service management its ITIL(BS15000/ISO 20000). But when we consider process, it is going to be unique for every activity carried out in organization. ITIL addresses processes, 7799 addresses controls and not processes, CoBIT address only control objectives.

If we have to implement all standards in the organization how to mould the processes to fulfill all the requirements? All we should have different process for different standrars altogether.

ISACA has given mapping document for all three, but I think that mapping is just for satisfaction. Its does not create conplete standard.

The Australian Standards body has recently released AS 8015 which is the first offical standard for IT Governance. And is designed specifically to work with 8018. The road map is for a 'stack' of integrated standards that cover the whole IT space, in a coherent and consistent manner.

I suspect, RJP, that like BS15000 AS 8018 will have been replaced by ISO 20000. This was published last week (circa December 18th).

Obviously it is a major development, as for the first time there is now an international service management standard, rather than a series of national ones. The implications will be immense, but it will take time to filter through.

The relationship with ITIL is close, with ITIL operating at a lower level in the triangle, and interestingly, being 'swappable' with other similar frameworks.

They complement one another reasonably well as COBIT is more about the governance and control of processes. It provides some metrics that can be used as KPIs as well as those that look at measuring the process effectiveness towards the overall goal.